[Bro] OpenSSL security issue affecting Bro
johanna at icir.org
Thu Dec 3 12:01:28 PST 2015
The OpenSSL Project today published a security advisory that affects
users of Bro who use the X.509 certificate validation functionality
of Bro. Note that this functionality is not enabled by default - typically
it is enabled by loading either the policy script
protocols/ssl/validate-certs.bro or protocols/ssl/validate-ocsp.bro.
The OpenSSL bug can cause a null-pointer exception when parsing certain
malformed X.509 certificates and can potentially be used for DoS attacks.
The issue affects OpenSSL 1.0.1 and 1.0.2 and was fixed in OpenSSL 1.0.1q
and 1.0.2e respectively. If you use Bro and perform certificate
validation, you should update as soon as possible.
The original OpenSSL security advisory is available at
https://www.openssl.org/news/secadv/20151203.txt. It also contains a few
other issues that are not directly applicable to Bro.
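The two facts an operator needs from this message are whether the deployment actually loads one of the validation scripts and whether the OpenSSL library in use is at or past the fixed release. The following shell script is an added example, not code from the Bro project or from this post; it assumes a version string in the shape printed by `openssl version` (for example "OpenSSL 1.0.1q 3 Dec 2015"), that OpenSSL patch letters sort alphabetically (1.0.1p precedes 1.0.1q), and that the Bro configuration under test is a local.bro-style file whose `@load` lines are what enable the scripts. Library name and config path are placeholders.

```sh
#!/bin/sh
# Added example (not from the Bro project or the original post).
# openssl_status VERSION_STRING
#   prints "not-affected", "vulnerable" or "fixed" for the advisory's
#   fix levels: 1.0.1 -> fixed in 1.0.1q, 1.0.2 -> fixed in 1.0.2e.
#   Assumes input like the first line of `openssl version`.
openssl_status() {
    # Take the version token, whether or not the leading "OpenSSL" word is present.
    ver=$(printf '%s\n' "$1" | awk '{ v = ($1 == "OpenSSL") ? $2 : $1; print v; exit }')
    base=$(printf '%s\n' "$ver" | sed 's/[a-z].*$//')   # 1.0.1q -> 1.0.1
    patch=${ver#"$base"}                                # 1.0.1q -> q (may be empty)
    case "$base" in
        1.0.1) fix=q ;;
        1.0.2) fix=e ;;
        *) echo not-affected; return 0 ;;   # only 1.0.1 and 1.0.2 are affected
    esac
    # A bare 1.0.1 / 1.0.2 (no patch letter) predates every lettered release.
    # Suffixes such as "e-fips" sort after the plain letter, which is what we want.
    if [ -n "$patch" ] && awk -v a="$patch" -v b="$fix" 'BEGIN { exit !(a >= b) }'; then
        echo fixed
    else
        echo vulnerable
    fi
}

# bro_validation_enabled CONFIG_FILE
#   exit 0 if the file has an uncommented @load of validate-certs or validate-ocsp.
bro_validation_enabled() {
    grep -E '^[[:space:]]*@load[[:space:]]+protocols/ssl/validate-(certs|ocsp)' \
        "$1" >/dev/null 2>&1
}

# Live check, only when invoked as: sh check.sh --live [CONFIG_FILE]
# (placeholder path; adjust to where your site policy lives).
if [ "${1-}" = "--live" ]; then
    cfg=${2:-/usr/local/bro/share/bro/site/local.bro}
    if bro_validation_enabled "$cfg"; then
        echo "certificate validation enabled in $cfg; OpenSSL is $(openssl_status "$(openssl version)")"
    else
        echo "certificate validation not enabled in $cfg; advisory does not apply"
    fi
fi
```

One caveat worth keeping in mind: `openssl version` reports the command-line tool, which is not necessarily the libssl that the bro binary was linked against. If the two may differ (a vendored or statically linked OpenSSL, or multiple installs), check the library the binary actually resolves, for example with `ldd "$(command -v bro)" | grep -i ssl`, and feed that library's version into `openssl_status` instead.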
More information about the Bro